The Capsicum prototype was developed on FreeBSD 8.x, and released under a
BSD license to encourage open source, research, and commercial deployment.
We hope that Capsicum will make it easier for software developers and
researchers to use capability-based security in operating systems and
applications.
Capsicum has now shipped as an "experimental" feature in FreeBSD 9.0!

To demonstrate Capsicum, we have added self-compartmentalization to a
number of UNIX applications and core system libraries, including tcpdump's
packet processing and rendering, and data compression using gzip.
We have also augmented existing privilege separation in OpenSSH and dhclient
using Capsicum, substituting strong capability-mode sandboxes for those based
on the porous UNIX chroot() API.
In collaboration with Google, we have adapted the Chromium web browser to use
Capsicum, showing significant programmability and security benefits over its
existing use of UNIX security primitives.

In order to explore the relationship between user interface security and
capability models, we have begun creating user agents, or angels,
which grant capabilities to sandboxed processes based on user interaction.
This includes a KDE-based PowerBox scheme that lets sandboxed applications
request user-driven file opening through the standard file dialogs, so that
the capability for a file is granted only when the user selects it.
You can read more about this and other ongoing Capsicum-related projects to
make capability-based security more accessible to mainstream desktop
applications on the Projects page.